Police swoop on 'hacker of the year'

By Asher Moses

15 November 2007 — 9:55pm

The Swedish hacker who perpetrated the so-called hack of the year has been arrested in a dramatic raid on his apartment, during which he was taken in for questioning and several of his computers confiscated.

Dan Egerstad, a security consultant, intercepted data carried over a global communications network used by embassies around the world in August and gained access to 1000 sensitive email accounts. They contained confidential diplomatic memos and other sensitive government emails.

After informing the governments involved of their security failings and receiving no response, Egerstad published 100 of the email accounts, including login details and passwords, on his website for anyone curious enough to have a look. The site, derangedsecurity.com, has since been taken offline.

The hack required little more than tools freely available on the internet, and Egerstad maintains he broke no laws. In fact, he is confident the email accounts he gained access to were already compromised by other hackers, so his efforts in fact prevented them from continuing their spying.

Egerstad was soon back to his regular routine but, on Monday morning, his apartment, located 650 kilometres from Stockholm, was raided by four agents from Swedish National Crime (which Egerstad calls "our FBI") and Swedish Security Police ("our CIA").

About 9am Egerstad walked downstairs to move his car when he was accosted by the officers in a scene "taken out of a bad movie", he said in an email interview.

"I got a couple of police IDs in my face while told that they are taking me in for questioning," he said.

But not before the agents, who had staked out his house in undercover blue and grey Saabs ("something that screams cop to every person in Sweden from miles away"), searched his apartment and confiscated computers, CDs and portable hard drives.

"They broke my wardrobe, short cutted my electricity, pulled out my speakers, phone and other cables having nothing to do with this and been touching my bookkeeping, which they have no right to do," he said.

While questioning Egerstad at the station, the police "played every trick in the book, good cop, bad cop and crazy mysterious guy in the corner not wanting to tell his name and just staring at me".

"Well, if they want to try to manipulate, I can play that game too. [I] gave every known body signal there is telling of lies ... covered my mouth, scratched my elbow, looked away and so on."

Egerstad said the police also accused him of theft because he had eight PlayStation 2 consoles in his apartment. He said he owns a company that "handles consoles".

Egerstad was released and no charges have been laid against him, but the police are in the process of investigating the matter and nothing has been ruled out.

Linus Larsson, a reporter for Computer Sweden magazine whom Egerstad called after the ordeal, said in a phone interview he had confirmed with Swedish police that the raid took place.

"We don't know exactly what they [police] are doing now but they took his hard drives and his computers, and according to him the interrogation went on for about 2 hours and he was then released but he did not get his equipment back," Larsson said.

Egerstad said his lawyer was looking into whether the Swedish police had broken the law by taking several "unnecessary actions".

"They aren't giving me any information on who filed the report but said that they have been exchanging information with other countries."

He said he hadn't heard anything from police since the raid but he did not expect to receive the seized equipment back for months, even years.

"[I'm] losing money and trust in my company and even if i'm never charged I will not get any compensation it looks like."

The raid occurred around the same time a feature article on Egerstad's hack appeared in the Next IT section in The Age and The Sydney Morning Herald, but it is unlikely the story sparked the raid.

Patrick Gray, who wrote the article, has published a detailed audio interview with Egerstad, which took place before the raid, on his website ( http://itradio.com.au/security/).